Evolver Federal is seeking a Cybersecurity Risk Management Analyst - Component Level to support its Federal client in Springfield, VA in managing all aspects of cybersecurity risk and compliance including, but not limited to, developing and maintaining processes and tools, being the primary point person in stakeholder engagement and communication, developing and facilitating FISMA metrics and reporting, and supporting all aspects of the client's security authorization and compliance processes. The successful candidate will have previous experience leveraging their in-depth working knowledge of NIST 800-37 (Risk Management Framework (RMF)) and NIST 800-53 Rev 5, as well as previous experience developing and maintaining cybersecurity policies and procedures and reporting on FISMA metrics.
Responsibilities
- Prepare and maintain security authorization packages for Federal review and approval.
- Develop authorization memos, collect artifacts, and identify risk weaknesses.
- Provide guidance on RMF processes, assessment readiness, and risk/threat assessments.
- Support post-assessment POA&M consolidation and remediation planning.
- Provide quality assurance for all security authorization documentation.
- Develop and update SOPs.
- Prepare and deliver all required security authorization artifacts and reports.
- Review, analyze, and report on FISMA metrics and discrepancies.
- Generate monthly reports on FISMA Scorecard and ISCM quality issues.
- Prepare reports on aggregate system risk and deliver weekly updates on outstanding tickets.
- Attend compliance meetings and provide formatted status reports.
- Review and process FISMA Inventory Change Requests, and update system data in the system portfolio repository.
- Provide risk determinations for authorizations, remediation, and audits.
- Support security impact analysis for system changes.
- Attend SDLC/SELC meetings to assess business requirements against NIST/DHS controls.
- Identify and escalate risks to the Federal Compliance Manager.
- Track status and inform stakeholders of upcoming compliance activities (e.g., FISMA scorecard, ATO, POA&Ms, PTA expirations) and advise stakeholders on expiring CP/CPT, POA&Ms, and privacy documents.
- Support updates to ISSO, ISSM, and System Owner Designation Letters.
- Provide cybersecurity SME support to programs and systems.
- Communicate clearly with system owners, developers, and executive leadership on various cybersecurity, risk and compliance topics.
- Support development of compliance processes and tools.
- Maintain daily updates on tasks and project status via SharePoint.
- Review and analyze policy, identify discrepancies, and update accordingly.
- Provide support for updates to policies, procedures, and guidelines.
- Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support an enterprise-wide common controls program. Advise the government client on which controls are appropriate as common controls and relevant to be inherited by all or a subset of systems in the enterprise portfolio. Also advise on system-level controls, and review/validate control inheritance.
- Develop, maintain, and make recommendations for enhancing cybersecurity policies.
- Coordinate, schedule, develop agendas, and facilitate meetings with all levels of government and contractor stakeholders.
- Ensure testing of common controls aligns with the Risk Management Framework (RMF) and DHS 4300 policy.
- Recommend updates to DHS 4300 policies, attachments, memos, and cybersecurity directives.
- Develop and manage RMF-related processes, procedures, and documentation templates.
- Prepare executive summaries, talking points, and slide decks for CISO/CIO briefings.
- Maintain documentation in Microsoft Teams, SharePoint, and other shared platforms.
- Develop and update training materials and PowerPoint presentations on inventory processes.
- Perform other duties as assigned by the Government.
- Ability to work efficiently and effectively in a dynamic and fast-paced environment.
Basic Qualifications
- 5 years of related experience with Bachelor's Degree or 8 years of overall related experience in a relevant field
- 5 years of experience with NIST 800-37, experience that can span across a subset, or all, of the steps within the Risk Management Framework.
- 1 year of experience assessing security controls in accordance with NIST 800-53 in, or in support of, the Federal Government, to include documenting control implementation statements and evaluating and validating security control implementation.
- 3 years of experience as an Information System Security Officer (ISSO) in, or in support of, the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
- 1 year of experience with NIST SP 800-53, 800-37, DHS 4300A/B.
- 1 year of experience with the POA&M management process, with 1 year of experience in various phases of the lifecycle/process.
- 1 year of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
- 1 year of experience using government GRC tools such as Archer, IACS, CSAM, etc.
- 1 year of client-engagement experience.
- Must have one of the following certifications: CISSP, CISM, CISA, CAP, C|ISSO, CEH.
- Must have an active DoD Secret clearance.
Preferred Qualifications
- 2 years of experience assessing security controls in accordance with NIST 800-53 in, or in support of, the Federal Government, to include documenting control implementation statements and evaluating and validating security control implementation.
- 5 years of experience as an Information System Security Officer (ISSO) in, or in support of, the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
- Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, and maintaining a repository of all meeting records.
- Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations. Previous experience communicating with system owners, developers, and executive leadership is required.
- Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
- Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
- Possess strong analytical and critical thinking skills with the ability to apply them to the client/contract workspace.
- Excellent organizational skills and attention to detail.
- Strong analytical, critical thinking, and problem-solving skills.
- DHS HQ or Component-level experience preferred.
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law. Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.